Lucene search

K
cvelistPivotalCVELIST:CVE-2020-5398
HistoryJan 16, 2020 - 12:00 a.m.

CVE-2020-5398 RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application

2020-01-1600:00:00
CWE-79
pivotal
www.cve.org

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.625 Medium

EPSS

Percentile

97.8%

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header in the response where the filename attribute is derived from user supplied input.

CNA Affected

[
  {
    "product": "Spring Framework",
    "vendor": "Spring",
    "versions": [
      {
        "lessThan": "v5.0.16.RELEASE",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      },
      {
        "lessThan": "v5.1.13.RELEASE",
        "status": "affected",
        "version": "5.1",
        "versionType": "custom"
      },
      {
        "lessThan": "v5.2.3.RELEASE",
        "status": "affected",
        "version": "5.2",
        "versionType": "custom"
      }
    ]
  }
]

References

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.625 Medium

EPSS

Percentile

97.8%